Millions of websites are powered by WordPress software and there’s a reason for that. WordPress is the most developer-friendly content management system out there, so you can essentially do anything you want with it. Unfortunately, that has some downsides as well.

In this WordPress tutorial you will find the 9 best WordPress security tips and tricks to protect your website and keep hackers away. It’s worth your time to look over this list of security tips and to take the few simple actions needed to implement them.

1. Keep WordPress updated
Make sure you always have the most recent version of WordPress installed. Updating WordPress is relatively quick and easy, and can be done through the WordPress panel in your web browser. If the most recent version of WordPress is incompatible with the versions of PHP and MySQL installed on your web server or web host, I strongly recommend you go through the effort to upgrade those to ensure your version of WordPress is up to date. Older versions of WordPress no longer get security patches and are vulnerable to attacks.

2. Use Strong Passwords
Additionally, picking strong passwords for all of the users on your blog (and your MySQL database) is a fundamental way to boost your security. Use the Strong Password Generator if you can’t come up with one on your own.
Passwords consisting mainly of names and correctly spelt words are extremely susceptible to brute-force attacks. Use characters, randomly mix up your capitalisation and avoid names and words.

3. Don’t use “admin” as your username and Pick

Earlier this year, there was a spate of brute-force attacks launched at WordPress websites across the web, consisting of repeated login attempts using the username ‘admin’, combined with a bunch of common passwords.
From version 3.0 onwards you have been able to update your WordPress username, so you’re no longer limited to using the default of ‘admin’.
Fixing this is simply a case of creating a new administrator account for yourself using a different username, logging in as that new user and deleting the original “admin” account.
If you have posts published by the “admin” account, you can assign all the existing posts to your new user account when you delete it.

4. Install WordPress Security Scan Plugin

Install one or more of the following excellent security plugins: Sucuri Security, Wordfence Security, BulletProof Security, or Better WP Security.

These help to prevent well-known issues and detect hack attempts.

5. Backup Your Website

Always rely on strong backup and recovery tools for your website. It’s not just hacking that may compromise your website, but also other factors like a faulty upgrade or plugin install.

Taking a manual backup is very easy from cPanel, but if you are looking for an automated backup solution that runs inside your WordPress site, use a plugin like BackupBuddy to back up files and databases.

6. Prevent directory browsing

Another big security loophole is having your directories (and all their files) exposed and accessible to the public. Here’s a simple test to check if your WordPress directories are well protected: enter the following URL in your browser, without the quotes: “http://www.domain.com/wp-includes/”. If it shows a blank page or redirects you back to the home page, you are safe. However, if you see a list of files, you are not.

To prevent directory listings for all directories, place “Options All -Indexes” inside your .htaccess file.
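The manual test above, scripted as an added example (not part of the original article): `is_listing` recognises a server-generated index page, `htaccess_disables_indexes` confirms the .htaccess line is active rather than commented out, and `check_site` repeats the test for several directories of your own site. The function names and the directory list are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: scripted version of the manual directory-browsing test.

# Succeeds if the HTML on stdin looks like a server-generated listing.
# Apache mod_autoindex and nginx autoindex both title the page "Index of /path".
is_listing() {
    grep -qiE '<title>[[:space:]]*Index of /'
}

# Succeeds if the given .htaccess has an active (uncommented) Options
# line that contains -Indexes.
htaccess_disables_indexes() {
    grep -qiE '^[[:space:]]*Options[[:space:]].*-Indexes' "$1"
}

# Fetch common WordPress directories of your own site and report the ones
# that return a listing. Returns 1 if any directory is exposed.
# Usage: check_site https://www.domain.com
check_site() {
    base=${1%/}
    exposed=0
    # Directory list is an assumption: the standard WordPress layout.
    for dir in wp-includes wp-content wp-content/plugins \
               wp-content/themes wp-content/uploads; do
        if curl -s --max-time 10 "$base/$dir/" | is_listing; then
            echo "EXPOSED: $base/$dir/"
            exposed=1
        else
            echo "ok:      $base/$dir/"
        fi
    done
    return "$exposed"
}
```

Run `check_site` again after editing .htaccess to confirm that the listings are gone.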

7. Keep an eye on file permissions

It is a good idea to keep an eye on the file permissions. You have a link at the end of the article with a guide about what file permissions are and how they should be used. You can set file permissions with FTP clients, and FileZilla works just fine, so I recommend it.
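One way to keep an eye on permissions from a shell on the server, as an added example that is not part of the original article. It assumes the baseline from WordPress’s own hardening guidance (directories 755, files 644, wp-config.php not accessible to other users); the function name `audit_wp_perms` and the finding labels are hypothetical.

```shell
#!/bin/sh
# Added example: audit a WordPress tree against an assumed baseline of
# 755 directories, 644 files and a wp-config.php closed to "other".

# audit_wp_perms DIR
# Prints one finding per line and returns 1 if anything was found.
audit_wp_perms() {
    root=${1%/}
    findings=$(
        # Writable by "other": every account on a shared host can modify it.
        find "$root" \( -type f -o -type d \) -perm -0002 -print |
            sed 's/^/WORLD-WRITABLE /'

        # Group-writable files (e.g. 664) are looser than the 644 baseline.
        find "$root" -type f -perm -0020 ! -perm -0002 -print |
            sed 's/^/GROUP-WRITABLE /'

        # wp-config.php holds the database credentials, so no read, write
        # or execute bit should be set for "other".
        if [ -f "$root/wp-config.php" ]; then
            find "$root/wp-config.php" \
                \( -perm -0004 -o -perm -0002 -o -perm -0001 \) -print |
                sed 's/^/CONFIG-EXPOSED /'
        fi
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Usage: audit_wp_perms /var/www/html   (path is a placeholder)
```

The non-zero return status makes the function usable from cron or a deployment check, so a permission change after a plugin install or upgrade is noticed.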

8. Use SSL Encryption

SSL encryption is used for encrypting the data your blog sends. This means that nobody accessing your router can intercept the data you use, such as account credentials. This way your data is not only really difficult to intercept, but also to decrypt. The downside in general is that you have to pay for SSL encryption, but most of the services out there do a tremendous job and also help you set up the SSL server. However, for WordPress, SSL encryption is free, and you only have to add this particular line to your wp-config.php:

define('FORCE_SSL_ADMIN', true);

9. Get Better Hosting

While not quite WordPress specific, we remind you to use RAID. If you think about it, the server’s disks are the most valuable part of the server because they have your data. Protect against downtime and data loss by using redundant disks. If you use shared hosting or a WP hosting service, ask them what type of disk system they use. If they are not using a redundant RAID or SAN, then start looking for a new host.

Wrapping Up

Security is not a simple thing, but the above simple steps can take your site from being in trouble to running rock solid for years to come. I welcome your thoughts or stories in the comments below; let me know how else you tackle security on your sites.

If you need help with a hacked site, want help configuring the plugins or themes, or would like specific recommendations for your site, please contact me.